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(57) Abstract: Refering to figure 1, a scheme for encryp- 
tion and decryption of data between two computer stations 
operating in the Internet environment uses a cookie sent by 
servers (67) to transmit a key (75) for encryption and de- 
cryption. The key (75) can be the cookie value, or the cookie 
value can contain or encompass the key (75) in some form 
known to both machines. The server (67) may encrypt data 
for a client (79) using a key (75) also sent to the client (79) in 
a cookie, and the client (79) may then retrieve the key (75) 
and use it for decrypting data sent Server (67) may also 
use the scheme in a variation to encrypt data on a client (79) 
machine. Two servers may use the scheme as well. In some 
cases a copy of an encryption/decryption (83) engine is sent 
as well, and in some cases the copy sent is temporary. 


WO 01/47176 Al IIIIIUiDEIIllllllllllllllllllllIllllElUI 


Published : For two-letter codes and other abbreviations, refer to t/te "Guid- 

With international search report. ance Notes on Codes and Abbreviations m appearing at the begin- 

— Before the expiration of the time limit for amending the ning of each regular issue of the PCT Gazette, 
claims and to be republished in the event of receipt of 
amendments. 


WO 01/47176 


PCT/US00/42168 


Method and Apparatus for a Revolving Encrypting 
and Decrypting Process 

5 Field of the Invention 

The present invention is in the field of Internet navigation and secure log-in 
and transaction methods and pertains more particularly to methods and apparatus for 
encrypting and decrypting data that is routinely sent over a data-packet network from 
1 0 one computer to another. 

Background of the Invention 

15 The information network known as the world- wide-web (WWW), which is a 

subset of the well-known Internet, is arguably the most complete source of publicly 
accessible information available. Anyone with a suitable Internet appliance such as a 
personal computer with a standard Internet connection may access (go on-line) and 
navigate to information pages (termed web pages) stored on Internet-connected 

20 servers for the purpose of garnering information and initiating transactions with hosts 
of such servers and pages. 

Many companies offer various subscription services accessible via the 
Internet. For example, many people now do their banking, stock trading, shopping, 
and so forth from the comfort of their own homes via Internet access. Typically, a 

25 user, through subscription, has access to personalized and secure WEB pages for such 
functions. By typing in a user name and a password or other personal identification 
code, a user may obtain information, initiate transactions, buy stock, and accomplish a 
myriad of other tasks. 

There are many methods known in the art for providing measures of security 

30 for patrons of on-line services. Secure connections protected by firewalls, 
authenticated certificates authorizing senders of information, encryption methods, and 
others. Many of these methods fall short in one aspect or another of providing 
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complete security for an end user. For example, some encryption programs store both 
the program and key on an end user's station where an unauthorized user may 
compromise both. Many secure connections and servers are not completely immune 
from attack by computer hackers attempting to intercept and steal proprietary data. 
5 Some encryption and decryption programs may be undermined by a persistent hacker 
intent on solving the encryption scheme. 

It has occurred to the inventor that sensitive information may be usurped even 
if encrypted and sent to a user's station for log-in. An unauthorized user may under 
certain circumstances find a decryption key on a user's station. Once found, the key 
10 may be used to decrypt and steal all sorts of sensitive encrypted data. Still a greater 
level of security must be observed for secure auto-logins and other sensitive 
transactions between servers and from servers to user stations. 

What is clearly needed are more secure methods for encrypting and decrypting 
data transferred between computers. 

15 

Summary of the Invention 

In a preferred embodiment of the present invention, in a client-server system, a 
20 method for encrypting and sending data from the server to the client and enabling 
decryption by the client is provided, comprising steps of (a) upon receiving a log-in 
and a data request from the client by the server, sending a cookie to the client, the 
cookie comprising a key value to be used for decrypting the data; (b) encrypting the 
data to be sent to the client using an encryption/decryption engine and the value of the 
25 key; and (c) sending the encrypted data to the client. There may be a further step for 
the client retrieving the key value from the cookie, executing a copy of the decryption 
engine, and decrypting the data. In some cases the server sends a copy of the 
encryption/decryption engine to the client, and this copy may be discarded after use. 
Also a new key may be sent for each session. 
30 In another aspect of the invention a secure client/server system is provided, 

comprising a server having an encryption/decryption engine, access to data, and code 
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for sending a cookie to a user logging in to the server, and a client. The server, upon 
receipt of a data request by a client, sends a cookie to the client wherein the value of 
the cookie comprises an encryption/decryption key, and wherein the server encrypts 
the data requested by the client using the key before transmission to the client. 
5 In preferred embodiments the client, after receiving encrypted data from the 

server, retrieves the key from the cookie value, and uses the key with the 
encryption/decryption engine to decrypt the data. In some cases the server sends a 
copy of the encryption/decryption engine to the client, and the copy may be discarded 
after use. In some cases a new key is sent each time a client logs in to the server. 

10 In another aspect of the invention, in a client-server system, a method for 

encrypting data on a client from a server is provided, comprising steps of (a) upon 
receiving a log-in the client by the server, sending a cookie to the client, the cookie 
comprising a key value to be used for encryption the data, and sending an indication 
of the data to be encrypted; (b) accessing the key value by the client from the cookie 

15 sent; and (c) encrypting the data on the client using an encryption/decryption engine 
and the value of the key retrieved from the cookie value. In some cases the server 
sends a copy of the encryption/decryption engine to the client, and the copy may be 
discarded after use. Also a new key may be sent every session. 

In yet another aspect a secure client/server system is provided, comprising a 

20 server having an encryption/decryption engine, access to data, and code for sending a 
cookie to a user logging in to the server; and a client. In this system the server, upon 
receipt of a log-in by a client, sends a cookie to the client wherein the value of the 
cookie comprises an encryption/decryption key, and sends also an indication of data 
to be encrypted, and wherein the client retrieves the key value from the cookie, and 

25 encrypts the data indicated by the server using the key. Again, in some cases the 
server sends a copy of the encryption/decryption engine to the client, and the copy 
may be discarded after use. Also a new key may be sent for each session. 

In yet another aspect of the invention a method for secure data transfer 
between a first and a second server is provided, comprising steps of (a) the first server 

30 contacting the second server for data; (b) the second server sending a cookie to the 
first server, the value of the cookie comprising a key value for encryption/decryption; 
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(c) encrypting data before transmission by the second server, using the key value; and 

(d) sending the encrypted data to the second server. The second server may send a 
copy of an encryption/decryption engine to the first server, and the first server uses the 
copy with the retrieved key to accomplish decryption. 

5 In various embodiments of the invention taught in enabling detail below, for 

the first time a secure means of data transfer is provided wherein keys for encryption 
and decryption are transferred as a part of a cookie. 


10 Brief Description of the Drawing Figures 

Fig. 1 is a block diagram illustrating a revolving encryption/decryption process 
initiated from a secure server on behalf of a client station according to an embodiment 
of the present invention. 
15 Fig. 2 is a block diagram illustrating a revolving encryption/decryption process 

used in a server to server mode. 

Fig. 3 is a flow diagram depicting a method of practicing the present 
invention. 

20 

Description of the Preferred Embodiments 

In a preferred embodiment of the present invention, a unique method for 
encrypting, decrypting, and sending secure data over a data-packet network is 
25 provided that allows data to be automatically encrypted or decrypted under control of 
a sending node. Such a method is described in enabling detail below. 

Fig. 1 is a block diagram illustrating a revolving encryption/decryption process 
initiated from a WEB server on behalf of a client station according to an embodiment 
of the present invention. A WEB server 67 is provided and adapted to function as an 
30 Internet file server as is known in the art. Server 67 may be adapted to provide portal 


WO 01/47176 


PCT/US00/42168 


-5- 

services, messaging services, HTTP services, Proxy services or any other known 
WEB service to clients who subscribe to such services, or to users in general. 

A client station 79 is provided and adapted as an Internet capable appliance. 
That is, station 79 has enough memory, processing power, and suitable software for 
5 navigating the Internet and interacting with server 67. Client station 79 is adapted for 
accessing server 67 through any known means of Internet connection. It will be 
assumed here that the means used for connecting to server 67 is a standard 
modem/ISP-type Internet-access connection as is most common for public access. 

Server 67 has a software log-in interface 71, which is provided and adapted to 

10 allow users access to any services offered. Log-in to server 67 from station 79 is 
illustrated herein by a directional arrow labeled Log-in. To gain access, a user must 
enter a user name and password as is typical in the art. Once logged in, a user may 
interact with server 67 according to services provided as is generally known in the art. 
Server 67 has a data encryption/decryption software engine 73 provided 

15 therein and adapted to encrypt or decrypt any data stored in or controlled by server 67. 
In this example a user-data block 69 represents data that is requested by and 
designated to be sent to a user. Engine 73 is, in a preferred embodiment, a Java-based 
encryption/decryption program, many of which are known in the art and routinely 
used to encrypt and decrypt data. Engine 73 generates and uses an 

20 encryption/decryption key 75 for the purpose of encrypting or decrypting data as 
illustrated by a double arrow placed between elements 73 and 69. Key 75 is typically 
a line code generated for and used in conjunction with engine 73 for each encryption 
and decryption process. For example, data is encrypted according to the key, and 
must be decrypted according to the same key. 

25 Server 67 has a "cookie" generator software engine provided therein and 

adapted for generating "cookies", which are text files known in the art typically used 
for tracking user navigation on the Internet. Typically a WEB site generates and 
sends a cookie to users who log-in or visit certain WEB pages held in and hosted by 
the server. Once a WEB cookie is sent to a user, it is stored in a user's machine- 

30 cache-memory and is returned to the server the next time a user logs in, as is well 
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known in the art. Only the hosting WEB site has control over generating a cookie for 
that WEB site. 

A cookie in the art has typically both a name and a value, and the value may 
change each time a cookie is sent, again under control of the server. According to a 
5 preferred embodiment of the present invention, decryption key 75 is made to be the 
cookie value, or added or otherwise combined with or appended to the cookie value, 
becoming part of that value, and is sent to users for encrypting or decrypting data 
stored on their machines, or data sent to them from server 67. 

In this example, client station 79 has data block 81 illustrated therein, which 
10 represents data block 69 after it has been received at client station 79. An 
encryption/decryption program 83 represents, in one embodiment, a temporary copy 
of program 73 after being sent from server 67 to station 79. Data-block 81 and engine 
83 are downloaded to a user's WEB browser, represented by element number 82, after 
successful log-in. This is illustrated herein by the directional arrow labeled Send 
15 Data/Program. Data-block 81 may be any type of data that a user has requested from 
server 67. In another embodiment, encryption/decryption engine 83 may be resident 
at station 79, perhaps associated with WEB browser 82 as a plug-in. 

A cookie 84, illustrated as residing in a Web cache 85 provided within station 
79 represents a cookie containing the value of key 75. Key 75 is integrated into 
20 cookie 84 during cookie generation. Key 75, in this case, is a decryption key used for 
decrypting data block 81 at station 79, using engine 83. 

In practice of the present invention, a user operating client station 79 logs into 
server 67 as illustrated by a directional arrow labeled Log-in proceeding from station 
79 and progressing to log-in interface 71. Log-in interface 71 is adapted to prompt a 
25 user for a user name and password in order to verify identity and allow access to full 
services offered by server 67. 

In one embodiment, once a user identity is properly confirmed and a data 
request is verified, server 67 encrypts all user-requested data represented by data 
block 69 using engine 73 as illustrated by a double arrow labeled Encrypt, and 
30 according to key 75. After encryption is completed, server 67 sends encrypted data 
block 69 and a temporary copy of encryption/decryption program 73 (if a user does 
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not already have one) to the user over the Internet as illustrated by a directional arrow 
labeled Send Encryption Engine, Received versions of block 69 and engine 73 are 
downloaded to browser 82 and appear as element 81 (user data) and element 83 
(encryption/decryption engine) respectively. 
5 Key 75, which is the key used for encrypting and decrypting user data 69 at 

server 67, is value-added to a text cookie generated by software 77 as illustrated by 
directional arrows proceeding from engine 73 to key 75 and then to generator 77. The 
cookie (cookie 84) is sent to client station 79 as illustrated by a directional arrow 
labeled Send Cookie where it resides as cookie 84 in WEB cache 85. It is noted 
10 herein that in one embodiment any data held in server 67 and targeted for sending to a 
user may be encrypted with a new key 75 every time the user logs-in to server 67 to 
access services. In another embodiment, encryption may be performed on a less 
frequent basis such as perhaps every 10 sessions or so. Any frequency may be 
applied. 

15 After successful log-in to server 67 and data transfer, a user operating at 

station 79 now has all of his or her requested data in encrypted form, a program for 
decrypting the data, and a key for the program to use in automatically decrypting the 
data. Engine 83 automatically decrypts the received data 81 at client station 79 by 
retrieving cookie 84 from cache 85 as illustrated by a double arrow labeled Retrieve 

20 Key, accessing the key from the cookie value, and using the key in decryption. In this 
example, server 67 is first encrypting requested data and sending it to a client along 
with (if needed) a temporary encryption/decryption program and a key (in the cookie). 
The above-described method allows a user to be sure that no one will intercept and be 
able to decrypt data that he or she is receiving from a server. Moreover, only the 

25 issuing server may change the value of a cookie and key combination. 

In another embodiment, server 67 may encrypt data on client station 79 for any 
purpose, such as for transmission over the Internet back to server 67 or, if server 67 is 
a proxy, by proxy to another server requiring the information for a transaction or the 
like. A transaction data-block 86 is illustrated within browser 82 at station 79 and 

30 represents any data that a user wants to send to a server. A transaction dialog box, 
represented herein by element 87, appears in browser window 82 during a transaction 
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process with a server as is typical and known in the art of WEB navigation. Box 87 
may be a form requiring credit card or other sensitive information used to purchase an 
item or service. 

In this example server 67 is presumed to be a proxy server and clear-text data 
5 in block 86 on client station 79 is first encrypted using engine 83 (downloaded from 
server 67) and cookie 84 (containing key 75). This process is illustrated by the double 
arrow labeled Retrieve Key 9 and a directional arrow proceeding from element 83 to 
element 86. Server 67 would also send an encryption/decryption program and a 
cookie containing key 75 to any WEB server transacting with a user operating station 

10 79. This process is represented by a directional arrow labeled WEB Service illustrated 
at server 67. A target server (WEB service) receives encrypted data from station 79 as 
represented by a directional arrow labeled WEB Service illustrated at station 79. The 
WEB service also has key 75 and program 73 from server 67. Therefore, the target 
server is enabled to automatically decrypt the data from station 79 and for entry into a 

15 form field. The method and apparatus of the present invention may be used with any 
dialog or transaction interface presented by any WEB service. 

In still another embodiment, server 67 may encrypt data at station 79 for 
transmission over the Internet back to server 67. In this embodiment, server 67 retains 
key 75 for the later decryption process. Security in all described embodiments is 

20 enhanced by virtue of the fact that the value of a cookie, including key 75, can only be 
changed by an issuing server and not by a third party. Moreover, key 75 is received in 
cache memory and cannot be manually manipulated for use with program 83 for 
decrypting or encrypting information. Server 67 may encrypt data differently each 
time a user logs on to receive data and send a new cookie/key combination, which 

25 overwrites the old one in cache thereby further enhancing security of data during 
transit. A new encryption/decryption program may be sent in conjunction with every 
new key such that when a user logs-off, the new encryption/decryption program is not 
retained. 

According to yet another embodiment of the present invention, the method 
30 taught above may be practiced between two WEB servers running server software. 
Such an embodiment is described below. 


WO 01/47176 


-9- 


PCTAJS00/42168 


Fig. 2 is a block diagram illustrating a revolving encryption/decryption process 
used in a server to server mode. In this example, two Internet servers are illustrated as 
WEB server 89 and WEB server 91. WEB server 89 is, for the purpose of this 
example, designated as the "sending" server while WEB server 91 is designated as the 
5 "receiving" server. 

Server 89 has a resident encryption/decryption engine 95 provided therein and 
adapted for encrypting and decrypting data as was described with reference to Fig. 1 . 
. A data-block 93 illustrated within server 89 represents any data that is encrypted by 
virtue of engine 95 as illustrated by a double arrow labeled Encrypt. A decryption key 
10 97 is illustrated within server 89 and represents a generated key for decrypting and 
encrypting data in block 93. Server 89 also has a communication interface 101, which 
is provided and adapted for communication with other servers. A cookie generator is 
also provided and adapted to generate and send cookies as is known in the art. 

A data block 103 is illustrated within server 91 and represents encrypted data 
15 93 received from server 89. Server 91 is, in this instance, in receiving mode. Server 
91 has an encryption/decryption engine 105 illustrated therein and adapted for 
encrypting and decrypting data as illustrated by a double arrow labeled Decrypt. In 
one embodiment, engine 105 is a temporary program received from server 89 along 
with data 103. In this example server 89 would always be the controlling server. In 
20 another embodiment, server 91 may be adapted with full encryption/decryption and 
key generating capability such that neither server 89 or 91 is a controlling server. 

Server 91, being the receiving server in this example, has a WEB cache 109 
containing a WEB cookie 110 (received from server 89), and decryption key 97 
retrieved from cookie 110 for data-decrypting purposes. Both servers have 
25 communication interfaces, interface 101 (for server 89) and interface 111 (for server 
91) installed therein and adapted to allow communication over the Internet as known 
in the art. 

Assume now that server 91 has established a connection-data request to server 
89 through communication interface 111, over the Internet, to communication 
30 interface 101. After a communication connection is established between servers 89 
and 91, data (93) is encrypted by encryption/decryption engine 95 using key 97 as 
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illustrated by the double arrow labeled Encrypt. Encrypted data 93 is sent to server 91 
over the open connection (interface 101 to 111). The value of key 97 is integrated 
into a cookie generated by cookie generator 99 and sent to server 91 where it resides 
in cache 109 as WEB cookie 110. This is illustrated by directional arrows first 
5 starting at element 95 and proceeding ultimately to communication interface 101 at 
server 89, and by directional arrows starting at communication interface 1 1 1 at server 
91 and proceeding ultimately to respective elements. 

At server 91, encryption/decryption engine 105 retrieves key 97 from WEB 
cookie 1 10 in cache 109 as illustrated by double arrows placed between the involved 

10 elements. Engine 105 then uses key 97 to decrypt data 103 for use. In the above 
example, server 89 is the controlling server and issues temporary 
encryption/decryption programs and keys to servers requesting secure data. In this 
embodiment, data may be encrypted differently with a new key each time a server 
requests and is granted a connection for data transmission from the controlling server. 

15 In another embodiment, server 89 may encrypt data held at another server for 

transmission back to itself by first sending program 105 and key 97 for the requesting 
server to encrypt data for transmission back. In this case, server 89 would retain a 
copy of key 97 for decryption purposes. 

In still another embodiment, both servers 89 and 91 may be adapted as 

20 controlling servers such that each may send the other a temporary encryption program 
and a key for decryption. There are many possibilities. 

The method and apparatus of the present invention may be practiced on any 
data-packet network that supports the use of cookies, Hyper-Text-Transfer-Protocol 
(HTTP) and other suitable Internet Protocol (IP) without departing from the spirit and 

25 scope of the present invention. For example, a business may use the method as a 
secure data transfer process on a corporate Local- Area-Network (LAN) or Wide- Area- 
Network (WAN). 

In yet another embodiment, a controlling server adapted to send 
encryption/decryption programs and keys may multicast sensitive data to a plurality of 
30 receiving servers or client stations such that all the receivers get the same encrypted 
data securely without fear of intercept. 
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The method and apparatus of the present invention should be afforded the 
broadest scope possible in light of the several embodiments described. The spirit and 
scope of the present invention is limited only by the claims that follow. 
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What is claimed is: 

1 . In a client-server system, a method for encrypting and sending data from the server 
to the client and enabling decryption by the client, comprising steps of: 

5 (a) upon receiving a log-in and a data request from the client by the server, 

sending a cookie to the client, the cookie comprising a key value to be used for 
decrypting the data; 

(b) encrypting the data to be sent to the client using an encryption/decryption 
engine and the value of the key; and 
10 (c) sending the encrypted data to the client. 

2. The method of claim 1 further comprising a step for the client retrieving the key 
value from the cookie, executing a copy of the decryption engine, and decrypting the 
data. 

15 

3. The method of claim 1 comprising a step for the server sending a copy of the 
encryption/decryption engine to the client. 

4. The method of claim 3 wherein the copy of the encryption/decryption engine is 
20 discarded after use. 

5. The method of claim 1 wherein a new key is sent each time a client logs in to the 
server. 

25 6. A secure client/server system, comprising: 

a server having an encryption/decryption engine, access to data, and code for 
sending a cookie to a user logging in to the server; and 
a client; 

characterized in that the server, upon receipt of a data request by a client, 
30 sends a cookie to the client wherein the value of the cookie comprises an 
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encryption/decryption key, and wherein the server encrypts the data requested by the 
client using the key before transmission to the client. 

7. The system of claim 6 wherein the client, after receiving encrypted data from the 
5 server, retrieves the key from the cookie value, and uses the key with the 

encryption/decryption engine to decrypt the data. 

8. The system of claim 6 wherein the server sends a copy of the 
encryption/decryption engine to the client. 

10 

9. The system of claim 8 wherein the copy of the encryption/decryption engine is 
discarded after use. 

10. The system of claim 6 wherein a new key is sent each time a client logs in to the 
15 server. 

1 1. In a client-server system, a method for encrypting data on a client from a server, 
comprising steps of: 

(a) upon receiving a log-in the client by the server, sending a cookie to the 
20 client, the cookie comprising a key value to be used for encryption the data, and 

sending an indication of the data to be encrypted; 

(b) accessing the key value by the client from the cookie sent; and 

(c) encrypting the data on the client using an encryption/decryption engine and 
the value of the key retrieved from the cookie value. 

25 

12. The method of claim 1 1 comprising a step for the server sending a copy of the 
encryption/decryption engine to the client. 


30 


13. The method of claim 12 wherein the copy of the encryption/decryption engine is 
discarded after use. 
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14. The method of claim 1 1 wherein a new key is sent each time a client logs in to the 
server. 

15. A secure client/server system, comprising: 

5 a server having an encryption/decryption engine, access to data, and code for 

sending a cookie to a user logging in to the server; and 
a client; 

characterized in that the server, upon receipt of a log-in by a client, sends a 
cookie to the client wherein the value of the cookie comprises an 
10 encryption/decryption key, and sends also an indication of data to be encrypted, and 
wherein the client retrieves the key value from the cookie, and encrypts the data 
indicated by the server using the key. 

16. The system of claim 15 wherein the server sends a copy of the 
1 5 encryption/decryption engine to the client. 

17. The system of claim 16 wherein the copy of the encryption/decryption engine is 
discarded after use. 

20 18. The system of claim 1 5 wherein a new key is sent each time a client logs in to the 
server. 

19. A method for secure data transfer between a first and a second server, comprising 
steps of: 

25 (a) the first server contacting the second server for data; 

(b) the second server sending a cookie to the first server, the value of the 
cookie comprising a key value for encryption/decryption; 

(c) encrypting data before transmission by the second server, using the key 
value; and 

30 (d) sending the encrypted data to the second server. 
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20. The method of claim 19 wherein the second server sends a copy of an 
encryption/decryption engine to the first server, and the first server uses the copy with 
the retrieved key to accomplish decryption. 
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